Commit Graph

20 Commits

Author SHA1 Message Date
tracefinder
5df8a8e979
Add a build tag to turn off TPM12 support and avoid tspi dependency (#232)
* Add build tag to turn off TPM12 support and avoid tspi dependency

* Add notspi build flag related information in README.md
2021-07-30 12:26:45 -07:00
Paweł Szałachowski
6848928436
Add AK.Certify() and use CertifyEx() for certification (#210)
* replace CertifyCreation() by CertifyEx() to handle certification of objects for which we cannot extract CreationData
* add AK.Certify(handle) allowing to certify externally-created keys
2021-04-23 14:41:30 -07:00
Paweł Szałachowski
1bbba0bdfd
Minor fixes and additions (#207)
* replace ReadPublic() by DecodePublic() when creating and loading keys: the current implementation calls ReadPublic() even if public data is already accessible
* drop handle() from the ak interface: it is unnecessary
* add Blobs() to attest.Key: to allow agnostic key marshaling
2021-04-01 19:29:45 -07:00
Paweł Szałachowski
440d34a877
Support for application signing keys (#201) 2021-03-08 12:27:00 -08:00
Tom D'Netto
5eca4dfe2a Disable linux TPM12 support if build without cgo 2020-09-24 11:35:08 -07:00
Tom D
ebb0b62d80
Split linuxTPM -> {trousersTPM,wrappedTPM20}, implement CommandChannel
* Split linuxTPM -> {trousersTPM,wrappedTPM20} + prefix windows key type with windows

* Address feedback, implement CommandChannel
2020-05-05 16:56:57 -07:00
Tom D
1045ef6327
Refactor *platformTPM -> tpmBase interface (#160) 2020-05-05 14:56:40 -07:00
Brandon Weeks
2bc8d58530 ParseEventLog fuzz target
A go-fuzz target for the ParseEventLog function. It has been tested
with go-fuzz and go-fuzz + libFuzzer.

oss-fuzz requires a statically built fuzzer binary, so `gofuzz` build
tags are added to avoid building files that depend on go-tspi. A mock
tpm_other.go file is also included to satisfy the `platformTPM`
interface.
2019-10-09 10:05:21 +11:00
Brandon Weeks
73020b971b Rename AIK to AK everywhere
AIK is the terminology used as part of the TPM 1.2 specifications.
2019-10-09 08:56:19 +11:00
Brandon Weeks
74a97ba02f Revert WIP fuzzing work 2019-10-08 18:08:43 +11:00
Brandon Weeks
58786a4742 Target gofuzz build tag instead of cgo
go-fuzz + libFuzzer can't be built with `CGO_ENABLED=0`.
2019-10-08 17:52:40 +11:00
Brandon Weeks
355782cbf9 Fix building without cgo 2019-10-08 17:19:02 +11:00
Brandon Weeks
59a5f6851d Simple fuzzer for ParseEventLog 2019-10-08 16:09:51 +11:00
Tom D
cf79e026c5
Implement fmt.Stringer on HashAlg (#109) 2019-09-23 12:37:40 -07:00
Eric Chiang
39d2f6efff attest: don't define exported API in files with build tags
It's best practice to define as much code, especially exported API, in
files that can build on any platform. With as little code as possible in
OS specific files.

Ensure files with build tags don't contain any exported APIs. This helps
us not accidentally define API that only works on one platform, or have
incompatible method defintions between OSes.

TODO: follow up with an "unsupported" implementation so this builds on
Mac or without CGO (e.g. for servers)?
2019-09-19 13:50:38 -07:00
Tom D
a406c399ba
Add error for passing non-SHA1 algorithm to Quote() on TPM1.2, compute the go-tpm/tpm2 alg in more standard way (#100) 2019-09-18 10:16:00 -07:00
Eric Chiang
7d7676beda attest: move public key parsing server side
Event log parsing requires knowning both the public key and signing
parameters. Symmantically, this information should be from an attested
public key blob, not additional data passed by the client.

Introduce a new method for parsing an AIK's public key blob, returning
a new AIKPublic struct.
2019-08-06 11:09:20 -07:00
Tom D
8f4f17e679
Implement credential activation API (#56) 2019-07-23 15:22:53 -07:00
Eric Chiang
2464131d7c Add a Public() method to the AIK that returns a public key (#55)
We plan to identify AIKs based on their public key. The raw blob should
be available via the AttestationParameters, but we hope that users will
only use that struct for generating challenges.

Because this parses the public key on AIK creation and loading, this PR
should have existing coverage.
2019-07-22 09:18:51 -07:00
Tom D
90e37eacce
Refactor part 1: Refactor logic for keys into structs for each TPM/platform invariant. (#53)
* Refactor serialized keys into own structure, in preparation for making Key an interface.

* Refactor key logic into separate structures for each platform/TPMversion invariant.

* Implement review feedback
2019-07-19 13:05:18 -07:00